programming4us
programming4us
DESKTOP

Windows 8 : Determining who’s who through authentication (part 2) - User name and password-based authentication

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

User name and password-based authentication

The most common method of authenticating users is by user names and passwords. Windows 8 can use two possible types of user name and password credentials:

  • Domain-based authentication (Active Directory domains in Windows environments)

  • Security account manager database authentication

When an employee signs in to a computer joined to a domain, Windows passes the request to a domain controller, which checks the credentials provided against the domain’s list of user accounts. In Active Directory environments, this is handled by Kerberos, which verifies the provided credentials and determines whether the sign-in should be allowed. Kerberos is a standard authentication protocol Windows (and other operating systems) uses to identify users during the sign-in process. If the credentials are correct, Kerberos provides resources to the account that allow it to access resources within a domain. This enables an authenticated user within the domain to access any resources for which he or she is authorized throughout the domain.

For example, Fernando is a user in the shipping department at Tailspin Toys. When he arrives at his desk in the morning, the first thing he does is sign in to Windows. Tailspin Toys uses standard user name and password authentication; Fernando enters his user name and password. When he clicks OK, the local Windows-based computer passes these credentials to a domain controller within the environment. When the domain controller receives the request, it checks the credentials against the Active Directory database. This includes:

  • Making sure the account exists.

  • Distributing an encrypted ticket and hashing the account password for access to other resources in the domain.

  • Checking the age of the password, if enforced.

  • Ensuring that the user account is not locked out for exceeding the number of sign-in attempts allowed by the organization’s security policy.

After these items have been verified, Kerberos returns a ticket for the user account. This ticket allows the user to access any resource that exists within the domain and for which the account is authorized without further proof of identity. Fernando can then access the printer down the hall from his desk and his email without further sign-ins. This is sometimes referred to as single sign-on (SSO).

If the sign-in attempt does not succeed, perhaps Fernando’s password recently changed, and he has misspelled or forgotten it. When Fernando attempts to sign in, Kerberos uses the Key Distribution Center to issue a ticket for this sign-in. If the user account can decrypt the ticket and passes preauthentication checks for the provided username, the authentication passes. Providing the wrong password would not allow the information to be decrypted when it is returned and would cause the sign-in to fail. When the credentials fail to pass verification, Windows displays a message telling Fernando that the information provided was incorrect.

Using a user name and password combination is the default sign-in method in Windows 8; however, configuration settings can make this method more secure. Some of these options include:

  • Password expiration

  • Password length requirements

  • Password complexity requirements

  • Minimum and maximum password age configuration

  • Password history retention

Windows local accounts allow passwords up to 256 characters in length; your organization might have policies that impose restrictions on that limit.

Important

THE CLOUD CHANGES THINGS

Because Windows 8 connects to the cloud by using a Microsoft account, which is the default selection during setup, the password entered is limited to 16 characters. If you want to use a longer/stronger password, use a local account instead of a Microsoft account for your computer.

Password settings for a local computer are specified in the local computer policy, as shown in Figure 3. To start the Local Computer Policy snap-in, complete the following steps:

  1. Select the Settings charm.

  2. Select Control Panel.

  3. Tap or click the System and Security category.

  4. Tap or click Administrative Tools.

  5. Select Local Security Policy.

Configuring passwords for the local computer

Figure 3. Configuring passwords for the local computer

You can configure the following password settings:

  • Minimum and maximum password age Using these two settings, as the administrator you can specify the minimum and maximum age for a password. The Minimum Password Age determines the smallest amount of time, in days, that a password must exist before it can be changed. The default is 42 days if the policy is enabled. The Maximum Password Age specifies the number of days that a password can exist before it expires and Windows requires the user to change the password.

  • Password length requirements The Minimum Password Length setting enables you to determine how many characters long a password must be. The maximum length is 256 characters.

  • Password complexity requirements This option enables you to require combinations of characters in a password. For example, you can require that passwords include uppercase and lowercase letters, that they be alphanumeric, or even that they include special characters.

  • Password expiration This option works with the password age requirements. When a password is set to expire, it will expire after it reaches the maximum age. You can also set a password never to expire, which disables the minimum and maximum age requirements.

  • Password history retention Windows can remember a designated number of previous passwords. With this setting enabled, users within your organization will have to generate unique passwords each time they change their password until they have surpassed the number of passwords remembered. For example, if this setting is configured to remember three passwords, then on the fourth password change, the original password could be used again.

These settings exist to help you make passwords a more secure authentication method. Because many organizations might not choose to invest in other authentication technologies, the user name and password sign-in should be capable of providing as secure a method as possible for authentication.

Note

SECURITY ALERT EDUCATE USERS ON SECURING PASSWORDS

Often, imposing strict and strange password complexity requirements on users will cause them to write down their password. This information is often stored under the keyboard or in a top desk drawer, and is therefore easily accessible to anyone in the building. One way to avoid this practice is to educate users about how the password is intended to work. You can also encourage users to use a pass phrase instead of a singular word with misspellings. Using a phrase related to a user’s hobby or something the user enjoys can provide more secure passwords than you might think.

Other  
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 9) - Configuring WMI filtering
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 8) - Managing GPO links, Configuring security filtering
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 7) - Viewing infrastructure status, Creating GPOs
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 6) - Advanced Audit Policy Configuration
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 5) - User Rights Assignment, Security Options
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 4) - Refreshing Group Policy
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 3) - Configuring a central store, Using Starter GPOs
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 2) - Group Policy and Active Directory design
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 1) - Understanding policies vs. preferences
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 5) - Monitoring system resources by using Performance Monitor
  •  
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us
    programming4us
     
     
    programming4us